diff --git a/code_signature.gni b/code_signature.gni
index 5e5b3effb666bc9016c6f53715a7667da2424eff..7698acf52f0efd455f4b49ef9769ce4d029a12e4 100644
--- a/code_signature.gni
+++ b/code_signature.gni
@@ -9,7 +9,7 @@
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.
 fuzz_module_output_path = "code_signature/code_signature"
 code_signature_root_dir = "//base/security/code_signature"
@@ -18,3 +18,7 @@ openssl_dir = "//third_party/openssl"
 rust_openssl_dir = "//third_party/rust/crates/rust-openssl"
 googletest_dir = "//third_party/googletest"
 third_party_securec_dir = "//third_party/bounds_checking_function"
+
+declare_args() {
+ code_signature_support_openharmony_ca = true
+}
diff --git a/interfaces/innerkits/code_sign_utils/BUILD.gn b/interfaces/innerkits/code_sign_utils/BUILD.gn
index 88817b053eecd93093c97226832fbe9b80195c6d..fd8d233b516400befc0cbba8e9ddfa070bed348c 100644
--- a/interfaces/innerkits/code_sign_utils/BUILD.gn
+++ b/interfaces/innerkits/code_sign_utils/BUILD.gn
@@ -33,10 +33,14 @@ ohos_shared_library("libcode_sign_utils") {
 configs = [ "${code_signature_root_dir}:common_utils_config" ]
 deps = [
- "${code_signature_root_dir}/services/key_enable:key_enable_lib",
 "${code_signature_root_dir}/utils:fsverity_sign_src_set",
 "${openssl_dir}:libcrypto_shared",
 ]
+ if (host_os == "linux" && !is_asan) {
+ deps += [ "${code_signature_root_dir}/services/key_enable:key_enable_lib" ]
+ } else {
+ sources += [ "${code_signature_root_dir}/services/key_enable/src/asan/disable_rust_interface.cpp" ]
+ }
 external_deps = [
 "ability_base:extractortool",
 "appverify:libhapverify",
diff --git a/services/key_enable/BUILD.gn b/services/key_enable/BUILD.gn
index f1e309e36b445f274f2104d7ac62834622005aca..3a5d642df3bc20d1b8700a842db733eb31ec144c 100644
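Review bot: `code_signature_support_openharmony_ca` is declared without a comment, and its default selects the wider trust list. With `true`, the `trusted_cert_path` target installs `config/openharmony/trusted_cert_path.json`, which additionally trusts a debug profile signer and a `Dev`/`Authed` application path issued by `OpenHarmony Application CA`. The default does keep the previous behaviour (the new file carries the blob id the base file had before), but a product image that should accept only the Huawei-issued paths now depends on someone remembering to override the arg. I would document that on the declaration, for example `# true: also trust certificate paths issued by "OpenHarmony Application CA" (installs config/openharmony/trusted_cert_path.json); set to false for product images.`, and consider whether the restrictive value should be the default.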
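Review bot: `host_os == "linux"` in the new `if` tests the build machine, not the target, so a non-ASan build made on a non-Linux host also compiles `disable_rust_interface.cpp` in place of `key_enable_lib`, and the two functions in that file return `CS_SUCCESS` without doing anything. The stub's own comment gives ASan as the only reason, so `if (!is_asan) {` looks like the intended condition; if the Rust library really cannot be built on other hosts, a comment above the `if` should say so. The same condition is repeated in `group("key_enable_targets")` in services/key_enable/BUILD.gn and should change with it. `sources +=` also relies on `sources` having been assigned earlier in this target, which is outside the hunk.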
--- a/services/key_enable/BUILD.gn
+++ b/services/key_enable/BUILD.gn
@@ -60,7 +60,11 @@ ohos_rust_shared_ffi("key_enable_lib") {
 }
 ohos_prebuilt_etc("trusted_cert_path") {
- source = "config/trusted_cert_path.json"
+ if (code_signature_support_openharmony_ca) {
+ source = "config/openharmony/trusted_cert_path.json"
+ } else {
+ source = "config/trusted_cert_path.json"
+ }
 part_name = "code_signature"
 subsystem_name = "security"
 relative_install_dir = "security"
@@ -81,11 +85,14 @@ ohos_prebuilt_etc("key_enable.cfg") {
 }
 group("key_enable_targets") {
- deps = [
- ":key_enable",
- ":key_enable.cfg",
- ":key_enable_lib",
- ":trusted_cert_path",
- ":trusted_cert_path_test",
- ]
+ deps = []
+ if (host_os == "linux" && !is_asan) {
+ deps += [
+ ":key_enable",
+ ":key_enable.cfg",
+ ":key_enable_lib",
+ ":trusted_cert_path",
+ ":trusted_cert_path_test",
+ ]
+ }
 }
diff --git a/services/key_enable/config/openharmony/trusted_cert_path.json b/services/key_enable/config/openharmony/trusted_cert_path.json
new file mode 100644
index 0000000000000000000000000000000000000000..377133908170e163eaf9979a042dc0f65fa1bb0c
--- /dev/null
+++ b/services/key_enable/config/openharmony/trusted_cert_path.json
@@ -0,0 +1,90 @@
+{
+ "trust-profile-path":[
+ {
+ "mode":"developer",
+ "type":"",
+ "subject":"C=CN, O=Huawei, OU=HOS AppGallery, CN=HOS Profile Management",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"developer",
+ "type":"",
+ "subject":"C=CN, O=Huawei CBG, OU=HOS Development Team, CN=HOS Application Provision Profile Release",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"debug",
+ "type":"",
+ "subject":"C=CN, O=Huawei, OU=HOS AppGallery, CN=HOS Profile Management Debug",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"debug",
+ "type":"",
+ "subject":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Profile Debug",
+ "issuer":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"debug",
+ "type":"",
+ "subject":"C=CN, O=Huawei CBG, OU=HOS Development Team, CN=HOS Application Provision Profile Release_Debug",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ }
+ ],
+ "trust-cert-path":[
+ {
+ "mode":"Release",
+ "type":"Authed",
+ "subject":"C=CN, O=Huawei, OU=HOS AppGallery, CN=HOS AppGallery Application Release",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"Release",
+ "type":"Authed",
+ "subject":"ALL",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"Release",
+ "type":"Block",
+ "subject":"C=CN, O=Huawei, OU=Huawei CBG, CN=HOS Application Provision Debug V2",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"Release",
+ "type":"Block",
+ "subject":"",
+ "issuer":"",
+ "max-certs-path":3
+ },
+ {
+ "mode":"Dev",
+ "type":"Platform",
+ "subject":"C=CN, O=Huawei, OU=Huawei CBG, CN=HOS Application Provision Debug V2",
+ "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
+ "max-certs-path":3
+ },
+ {
+ "mode":"Dev",
+ "type":"Debug",
+ "subject":"",
+ "issuer":"",
+ "max-certs-path":3
+ },
+ {
+ "mode":"Dev",
+ "type":"Authed",
+ "subject":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Release",
+ "issuer":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application CA",
+ "max-certs-path":3
+ }
+ ]
+}
\ No newline at end of file
diff --git a/services/key_enable/config/trusted_cert_path.json b/services/key_enable/config/trusted_cert_path.json
index 377133908170e163eaf9979a042dc0f65fa1bb0c..907984987dc72ff3ed17fcecf3c2d160509dadcc 100644
--- a/services/key_enable/config/trusted_cert_path.json
+++ b/services/key_enable/config/trusted_cert_path.json
@@ -21,13 +21,6 @@
 "issuer":"C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Software Signing Service CA",
 "max-certs-path":3
 },
- {
- "mode":"debug",
- "type":"",
- "subject":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Profile Debug",
- "issuer":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application CA",
- "max-certs-path":3
- },
 {
 "mode":"debug",
 "type":"",
@@ -78,13 +71,6 @@
 "subject":"",
 "issuer":"",
 "max-certs-path":3
- },
- {
- "mode":"Dev",
- "type":"Authed",
- "subject":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Release",
- "issuer":"C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application CA",
- "max-certs-path":3
 }
 ]
 }
\ No newline at end of file
diff --git a/services/key_enable/src/asan/disable_rust_interface.cpp b/services/key_enable/src/asan/disable_rust_interface.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..6ce433c6af019775225d9967748537d48bb72d92
--- /dev/null
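Review bot: The two `trusted_cert_path.json` files now have to be kept in sync by hand, because the new `config/openharmony/trusted_cert_path.json` repeats every Huawei-issued entry of the base list and differs only in the two entries issued by `OpenHarmony Application CA`. A later `Block` entry or a removed path that lands in one file and not the other would leave one build flavour trusting a path the other rejects, with nothing in the build to flag the drift. Since JSON cannot carry a comment, I would record in the component README which entries are expected to differ, and consider generating this file from the base list plus a small overlay. If the `OpenHarmony Application CA` material is the openly distributed development signing set, that README note should also say this list must not ship in product images.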
+++ b/services/key_enable/src/asan/disable_rust_interface.cpp
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "rust_interface.h"
+#include "errcode.h"
+
+/// two mocked function beacause of at asan mode, c_utils:utils_rust cannot compile
+int32_t EnableKeyInProfileByRust(const char* bundleName, const uint8_t* profile, uint32_t profileSize)
+{
+ return OHOS::Security::CodeSign::CS_SUCCESS;
+}
+
+int32_t RemoveKeyInProfileByRust(const char* bundleName)
+{
+ return OHOS::Security::CodeSign::CS_SUCCESS;
+}
\ No newline at end of file
diff --git a/test/unittest/resources/demo_verity/elf/elf_expand_tree b/test/unittest/resources/demo_verity/elf/elf_expand_tree
deleted file mode 100644
index b79bc545a40715d2fdc83b75a2cb9253ec8e913f..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/elf/elf_expand_tree and /dev/null differ
diff --git a/test/unittest/resources/demo_verity/file_4K/file_4K_expand_tree b/test/unittest/resources/demo_verity/file_4K/file_4K_expand_tree
deleted file mode 100644
index 1020fe35b73cde34ff3c1d9363798a92322049d1..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/file_4K/file_4K_expand_tree and /dev/null differ
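Review bot: Both stubs return `CS_SUCCESS`, so a caller in a build that links this file is told the profile key was enabled or removed when nothing happened, and no log line shows that the stub was used. Please either return a dedicated "not supported in this build" code from `errcode.h` that callers can handle, or log once at warning level in each stub, so a sanitizer image is never mistaken for one that enforces profile keys. The parameters are unused, which will trip `-Wunused-parameter` if the target enables it; `(void)bundleName;` and the like would silence that. The comment would read better as `/// Stubs used when key_enable_lib is not linked (ASan builds): c_utils:utils_rust does not compile there, so these report success without touching any key.`, and the file should end with a newline.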
diff --git a/test/unittest/resources/demo_verity/file_4K_greater/file_4K_greater_expand_tree b/test/unittest/resources/demo_verity/file_4K_greater/file_4K_greater_expand_tree
deleted file mode 100644
index 109d20e11f56937ea2332ab4ff3c5b84fafe9c80..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/file_4K_greater/file_4K_greater_expand_tree and /dev/null differ
diff --git a/test/unittest/resources/demo_verity/file_4K_less/file_4K_less_expand_tree b/test/unittest/resources/demo_verity/file_4K_less/file_4K_less_expand_tree
deleted file mode 100644
index a676d9a28de1ea3ae9debc1b3ba42bee855d15e8..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/file_4K_less/file_4K_less_expand_tree and /dev/null differ
diff --git a/test/unittest/resources/demo_verity/file_4M/file_4M_expand_tree b/test/unittest/resources/demo_verity/file_4M/file_4M_expand_tree
deleted file mode 100644
index 34bb8ccdaba9a2d6ea1d10b81d00c164aa32befc..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/file_4M/file_4M_expand_tree and /dev/null differ
diff --git a/test/unittest/resources/demo_verity/file_4M_greater/file_4M_greater_expand_tree b/test/unittest/resources/demo_verity/file_4M_greater/file_4M_greater_expand_tree
deleted file mode 100644
index 1312273c9fc82209560402150da667aafcd8aecc..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/file_4M_greater/file_4M_greater_expand_tree and /dev/null differ
diff --git a/test/unittest/resources/demo_verity/file_4M_less/file_4M_less_expand_tree b/test/unittest/resources/demo_verity/file_4M_less/file_4M_less_expand_tree
deleted file mode 100644
index f7d17cd50a886f745c228fcebb94e476acfed37e..0000000000000000000000000000000000000000
Binary files a/test/unittest/resources/demo_verity/file_4M_less/file_4M_less_expand_tree and /dev/null differ